Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

chicksdaddy writes "In a presentation at the ToorCon Hacking Conference in San Diego on Saturday, Eric Monti, a Senior Researcher at Trustwave's Spider Labs, demonstrated how to turn the popular JailbreakMe Tool for iPhones and iPads into stealthy rootkit-style malware that can monitor voice and video activity or intercept sensitive data, such as credit card magnetic stripe data from an iPhone-based transaction."

so you were wrong in your assumption - that the web browser gets hacked shouldn't grant you full root powers, but it does. and ironically for the older devices you need to jailbreak to close that hole or risk being jailbreaked by random sites you visit.

Two past jailbreaks worked with a website based infection. The vulnerability behind the second one has been around since day one, but was never discovered by Apple (at least never fixed by Apple) or publicly disclosed by the jailbreak community. Who's to say that there isn't another one or that the hole that was around for years wasn't actually used for evil?

As a technical note the recent hole was a vulnerability in the PDF viewer and only required the user to view an infected PDF.

On another note, you didn't have to jailbreak to be vulnerable. Apple only patched versions of the OS that it felt like supporting, but the jailbreak community patched all versions. So, jailbreakers are actually safer. To this day, if you have an old enough iPhone that is not jailbroken, you are julnerable to a website based attack.

Apple only patched versions of the OS that it felt like supporting, but the jailbreak community patched all versions.

Not only were all jailbroken iOS devices patched (if the patch was installed, that is), but they were patched much faster than "vanilla" devices.

Saurik released the patch within days of jailbreakme's debut. It took Apple almost two weeks. Two weeks during which there were a metric fuckton of jailbroken iPhone 4's on display in just about every Apple store on the planet, which I think is fucking hilarious. I wonder if Jobs had those phones tossed into a pit of fire to keep up the "r00t is bad for you, good for us" charade.

[offtopic] Anyone else want to see some legislation that prevents companies like Apple from voiding a warranty on Hardware based on the software you run on it? I mean, that would be like refusing the warranty on a laptop with a broken hinge because it had Linux on it... Oh wait a minute... [hexus.net]
[/offtopic]

There was a jailbreak that did allow infection by visiting a website. But hey, you're yet another mysterious, anonymous poster bashing Apple for being closed. I'm sure you won't be posting multiple times here...

Well I'm not that guy, as I think ACs are the cancer killing/. and making it too much like the chans, but it seems to me the solution would be allowing an "end run" like Apple did with iTunes DRM. What they should do is put a button in the options that says "If you type in your name in this box and pick yes the phone is officially jailbroken. We hold NO responsibility for it any more, you void the warranty, blah blah blah all the legalese" and if the owner follows the instructions he/she has a broken phone

Well I'm not that guy, as I think ACs are the cancer killing/. and making it too much like the chans

You do realize how hilarious that sounds from someone so high up the ID ladder?I mean.. if ACs were 'cancer killing Slashdot' - how did you get here?Fuck... How did I get here? Shouldn't this place have been dead somewhere around 30k accounts?

but it seems to me the solution would be allowing an "end run" like Apple did with iTunes DRM. What they should do is put a button in the options that says "If you type in your name in this box and pick yes the phone is officially jailbroken. We hold NO responsibility for it any more, you void the warranty, blah blah blah all the legalese" and if the owner follows the instructions he/she has a broken phone and is on their own. This would allow Apple to have a legal way to disolve any responibility for the phone, while allowing the owner to do what they want with the phone. Better than having to have users "hack" their phones and risk Apple iPhone becoming a haven for malware pretending to be jailbreaking tools. Seems like a win/win to me.

Seriously... Do you do stand-up in your free time?

But please... do keep it up. This place COULD use some naivete.We are all WAY to cynical.

Actually I've been lurking around here since the late 90s, I just never bothered to make an account because I didn't feel I had something to contribute, and therefor didn't actually make an account until a user posted a question needing help with a Windows bug I had dealt with and knew and easy workaround, since many here on/. are old Unix greybeards and I'm the token windows greybeard.

And what EXACTLY is so funny about my suggestion? Electronic signatures have been recognized in all 50 states. I don't see

The 'funny' part is in the fact that you are treating this as if it is a technical problem with a technical solution.Namely, "let's wash our hands off this and give them a jailbreak button"-solution. It isn't.

Apple is a corporation - first and foremost.THEN, after we establish that, we determine what kind of a corporation they are this day, month, decade... Are they more into technical business, artistic, musical, IP rights... etc.Being a corporation, their main (possibly only

And even better, there are some 6 million non-upgradable first-generation iPhones that are now a botnet waiting to happen.

We don't expect new features for such old phones, but we do expect you to not stop putting out security fixes after barely three years. Hell, even Microsoft is more serious about security. Fuck you, Steve.

Yes, and Adobe Photoshop could be modified to become a program that indoctrinates me in Marxist philosophy. What's the point? That a user installing an application needs to trust its source? This has been true ever since there has been third party software.

A lot of people who have Apple things think that they can go to whatever websites they want and download whatever the hell they want because they "can't get viruses".
One of my friends on facebook got clickjacked and posted some.ru site, and a lot of people commented saying to not click on it because it is a virus, and then some guy said "lol i clicked on it anyway becuase i'm on a mac so i can't get a virus".
-_-
But, yeah, I think that we should all work together as a family to help people not get infec

Yes, and Adobe Photoshop could be modified to become a program that indoctrinates me in Marxist philosophy. What's the point? That a user installing an application needs to trust its source? This has been true ever since there has been third party software.

Shame on Slashdot for pushing this.

And shame on Trustwave for shilling for Apple.I'd like to follow the money, but we'll never get the chance.

The researcher took the obvious step of adding malware code to a jail break program. While the article reports that the Jailbreak app will lead the way for more malware, it also stated this which contradicts:

The program is harmless and the vulnerabilities in question were patched by Apple in early August. However, Monti warns that more and more high value applications on the iPhone will increase the attractiveness of the platform for malicious parties, including banking and e-commerce.

Emphasis mine.

Also the "more and more high value" application line warrants a "no shit sherlock". Willie Sutton robbed banks because that was where the money was.

Basically this just shows that you need to know the risks before you jailbreak your phone. This is true for any phone OS, since jailbreak is a political term for rooting. Check the source (as in where you downloaded) and compare the binary with a known reliable hash (eg. MD5, etc). When you leave the comforts of the installed ROM, you need to be more vigilant about your security.

Notice that the remote hole in iOS up to 4.0.1 can be exploited by any site. You do not have to accept the exploit, it can simply install itself in secret. So anyone on firmware lower than 4.0.2 should either upgrade their iOS, or stop using the internet, or jailbreak, after which they can install the unofficial patch from Cydia. For original iPhone users only the latter two options are available.

This is true for any phone OS, since jailbreak is a political term for rooting.

I thought that jailbreaking meant getting your process access to parts of the file system outside of the chroot() jail, whereas rooting meant getting root access for your process. Is this always the same thing or does one require the other on all phone OSes?

I'd wager that for most people, there's no reliable way to "check your source" for most apps offering "something for nothing" (ie, cracks, rooting, jailbreaking, etc). Many are written by anonymous entities and distributed diffusely to avoid the wrath of whoever produces the device they're trying to circumvent. In some instances there's a reliable distributor, but in many cases not.

But I also wonder if going after a jailbeak app as a target they might be going after the right audience -- people willing to

There are too many Apple things as of late. I get the feeling we aren't getting other news because of them.Not saying it's good or bad but it's making my feel reader feel like I am following an Apple-only site, which is not the purpose of Slashdot.

If other companies make worthwhile things, we will read about them too. I'm sure in a few hours some Linux distro will release a new version, hackers will find yet another hole in a Microsoft product, Sony will find yet another way to piss off their customers or Square-Enix will announce they're doubling the monthly fees of Final Fantasy XIV.

Hey that's fine, let's just turn this into an advantage by taking every opportunity to point out what is wrong with Apple's software environment. I'll start.

The biggest piece of malware running on your iPhone is the OS itself. You cannot remove it, you cannot disable it, you cannot cut out the parts you don't need. iPhone is, at best, a play-toy: nothing serious should be done with that device. Apple can see everything you are doing with your iPhone at will. Apple is literally looking over your shoulder w

Obviously, if you're going to use pirated or [i]any[/i] other illegal kind of software, you are owned by the malware that comes with it 90%. (That's why I stopped using pirated Windows ten years ago when internet-aware malware became popular -- I didn't want to share my credit card numbers and passwords with the pirates.)

demonstrated how to turn the popular JailbreakMe Tool for iPhones and iPads into stealthy rootkit-style malware

The authors of JailBreakMe should be scorning this act and sending legal threats (if possible) to the people contorting their Jailbreak software into a malware infection tool.

Apple is going to finally stand up, take notice, and kill the jailbreaking software, to public applause, if malware starts taking advantage of it, it will be more than a theoretical matter of security.

I will applaud Apple for closing any hole used to jailbreak without a USB cable involved, whether it gets to malware stage or not.

Apple seem to respond faster to these sorts of vulnerabilities than they do to ones that are only usable if you have physical control over the device, so I don't think there's any cause for concern that Apple will step up their counter-jailbreak programme if theoretical attacks become reality.

Apple stopped firmware updates for iPhone2G (edge). It is blocked at iOS313, forever.So, iPhone2G misses a lot of security updates. The old edge iPhone is really full of holes.And nobody will secure it.Steve, please, help !!

Apple stopped firmware updates for iPhone2G (edge). It is blocked at iOS313, forever.So, iPhone2G misses a lot of security updates. The old edge iPhone is really full of holes.And nobody will secure it.Steve, please, help !!

You appear to have not purchased a new iPhone in over two whole years. I don't know what backwoods, 3rd world nation you come from that you expect the most expensive phone you've ever purchased to last more than two years, but you are obviously not our target demographic. Thank you for your money, and please return to us when you are willing to follow our clearly laid out expectations for making new purchases/upgrades.Cheers!Steve J.

Rooting an iPhone does not give you full control over the device. At best, you get to run your code with the highest privilege, but you are still stuck with an opaque proprietary OS that will spy on you around the clock. No amount of rooting will help you to get rid of malicious "features" programmed by Apple itself.

Good God. Is the level of Apple hate so high that this has to be twisted into some sort of conspiracy about Apple?

Of all places, slashdot should be the sort of place that understands the nature of security exploits - which is exactly what the jailbreak takes advantage of. Colour me *utterly unsurprised* that the same exploit (and any tools created to make use of it) can be changed to do things that you really don't want.

Apple has nothing to do with this (apart from shipping software with a security flaw, but they are not unique in that respect).

I don't think it's about people like the GP "hating" Apple. It's more like a complete lack of trust in Apple.

These days, Apple is doing things that even Microsoft never stooped to doing. Microsoft never limited which programming languages developers could write applications in, for instance. In fact, with.NET, Microsoft has gone a long way towards vastly increasing the number of languages that can be used to create Windows applications.

Then there are rumors about hidden APIs that Apple won't share with other developers, which is something that Microsoft was also accused of doing.

Of course, then there are the numerous incidents with perfectly legitimate applications being rejected from the app store without any valid reason. The whole review process itself and the conditions associated with it are quite terrible. The whole process is about treating developers like shit.

So it's easy to see how people may distrust Apple so much that they might even believe Apple is involved in shady practices designed to make Apple's claims stronger. If this is indeed the case, I would like to see more evidence to support the allegations made by people like the GP, but at least try to see where people like the GP are coming from.

These days, Apple is doing things that even Microsoft never stooped to doing.

I've seen many comments similar to this one recently and I just don't understand it. Look at how MS funneled money into SCO to attack Linux, how they strong-armed Novell into a "licensing agreement," how they pressured governments into making OOXML a standard, or intentionally selling defective XB360s. Those are things that Apple never stooped to doing, and that's just recent history. Halloween document anyone?

Apple retaining tight control over the Mac platform isn't stooping to anything. It's what they've always done and will continue to do, much to their users' delight. Why should Apple change their business model to appease geeks who won't buy their products anyway? It doesn't matter what Apple does, people who hate Apple will never buy their products. Why should they change because of disdain from non-customers?

Microsoft has, throughout the years, continuously engaged in unethical business methods. I challenge you to cite one case of Apple doing anything unethical that Microsoft "never stooped to doing." There is no moral imperative that requires software to be open and free. I can think of many economic and technical arguments for open and free, but no moral ones. It's morally wrong to sell a product you know won't last more than six months with just average usage because you're ripping people off (don't give me that warranty crap -- it was extended because the math declared it necessary). It's morally wrong to extort people (Novell, SCO). It's morally wrong (at least in most cases) to lie (everything associated with OOXML was a pack of lies). To the best of my knowledge Apple doesn't exploit, extort, or engage in dishonest business practices. And even if an instance or two can be found, it hasn't been their business model since the company was founded. So how exactly are they stooping below MS?

I can think of many economic and technical arguments for open and free, but not moral ones.

I'm going to refute myself real quick because this just occurred to me. In educational and government settings, open and free is a moral imperative because without these conditions, knowledge can be kept secret by those who have it and those who can afford it. A society cannot be free without knowledge, and I doubt anyone would argue that it's ethical to limit another's freedom. But with private entities, such as corporations and individuals, there is no imperative to share knowledge. A government that keep

They both use their positions to bully 3rd parties and competitors. I don't see how one is any better than the other. Apple also has a habit (not that Microsoft doesn't) of getting patents on stuff that they know they didn't actually invent, then suing the bejesus out of everyone else (multi touch anyone?) including the original inventors. How is that ethical? Sorry, Apple is the new MS. Live with it.

I've seen many comments similar to this one recently and I just don't understand it. Look at how MS funneled money into SCO to attack Linux, how they strong-armed Novell into a "licensing agreement," how they pressured governments into making OOXML a standard, or intentionally selling defective XB360s. Those are things that Apple never stooped to doing, and that's just recent history. Halloween document anyone?

The GP's statement is correct though. Apple does annoying things MS doesn't. But both companies annoy me, and I avoid dealing with them, just for different reasons. Just that Apple doesn't fund SCO, or that MS doesn't control their hardware with an iron fist doesn't make either company automatically awesome in my eyes.

Apple retaining tight control over the Mac platform isn't stooping to anything. It's what they've always done and will continue to do, much to their users' delight. Why should Apple change their business model to appease geeks who won't buy their products anyway?

So that we buy their products, of course.

It doesn't matter what Apple does, people who hate Apple will never buy their products.

That's a mistake. I don't dislike Apple because it's Apple. I dislike Apple because of what Apple currently does. If they change what they do, I might change my mind. It's simple.

I change my mind on companies. Years back, in my mind, "Blizzard" equated with "awesome". These days it equates with "no way I'm paying". It could change back if they started making stuff I'd be willing to buy again.

Why should they change because of disdain from non-customers?

Because this non-customer could be a customer if they made something I like.

Congratulations, you are one of the few people that change their mind when the situation changes. I am not sarcastic; I am totally serious. Most people frame an opinion about something (e.g. Apple), and that opinion usually is very hard to change, no matter what the company does. Even if Apple came out with a new iPhone that is completely open and you can install whatever you want, there will be some Apple-haters here that will find some reason why this is bad. And vice versa: If Apple decided that only fai

And another thing, regarding your first paragraph: Apple does things that annoy you, but they are not immoral, just... annoying. Contrast that with MS.

Eh, that's not exactly it. For me, Apple has long ago reached the point of "I'm sure I don't want to buy their products". The things they do that make me decide not to buy their products are in my view are very unlikely to change. If they were to change, I'd be very unlikely to miss it. Due to this, I don't pay very close attention to them, because one minor

Generally reasonable points. (I know, wtf, this is an Apple article). One thing to keep in mind is that Apple has certainly done the analysis and determined that making things open enough for one geek to purchase their products would result in changes sufficient to prevent X number of non-geeks from buying them, where X > 1. This would make them less money and given how much cash and cash equivalents they have on hand, Apple is very much interested in money.

Thanks for the post. I wanted to say something to the same effect, but you beat me to the punch. Anyhow, people here just don't understand that Apple (under Jobs) has always believed in controlling every aspect of its ecosystem (Citation [cultofmac.com]). The only time the MacOS was licensed was when Jobs wasn't in Apple, and that was their worst years.People love Apple's products because they are easy to use from the get-go and part of that ease of use comes from controlling both the hardware and the software completely (

Just FYI, I was an Apple customer. Had an iPhone 3G and then a 3GS. Because of Apple's actions that hurt developers, I got rid of my Apple phone and bought an Android handset. So I'm one example of an Apple customer actively moving to a different manufacturer, solely because of Apple's anti-developer actions. In a world of 6 billion people, I wonder if I'm the only one?

If Apple had been nicer to developers, I'd have bought an iPad by now.

How does Apple hurt developers? By creating the world's most successful mobile app store? "Help! Apple's making it too easy for us to make money!" is the cry heard from developers far and wide?

They have done some things that don't help some developers. For example, the requirement of using Objective-C, C++, or C doesn't help Java programmers, but it doesn't hurt them. Refusing to carry buggy apps, or apps that run afoul of a limited number of guidelines, in their store doesn't help developers of such apps,

"To the best of my knowledge Apple doesn't exploit, extort, or engage in dishonest business practices."

To the best of my knowedge, no Applezoid has ever accepted that Apple is a self preserving, spin marketing megacorp like any other. Are you seriously suggesting you are unaware of the iPhone 4 antenna debacle and subsequent denial by Apple?

Yes, I'd be inclined to agree that MS have demonstrated more underhand tendencies over the years than Apple. But Apple today very much practices the same self-preservi

You mean the "debacle" where the antenna was better than the previous version on the 3G and was providing signal at the extreme edge reception (where the 3G could not) that it subsequently dropped if the user detuned it by holding it in a specific way (a fact not unique to the iPhone 4, just exaggerated due to the design), that subsequently spawned an investigation from Apple that they published, along with a free case program for all iPhone 4 users to correct the design flaw?

Oh please. Apple's own engineers warned Jobs of the issue [bloomberg.com] right from the earliest design meetings, but were overruled. When users -shock- began complaining soon after launch, Jobs personally dismissed the "non-issue", telling them to "avoid holding it in that way. [bloomberg.com]"

Even when Apple *finally* accepted there was a problem at the 16 July press conference (only after a damning confirmation of the issue from Consumer Reports [consumerreports.org]), there was no "mea cupla". They claimed the problem was common to all internal antenna ph

It *is* common to *all* antennas - it is the physics of antennas. It's just accentuated by a design that is sensitive to detuning. There are examples of other manufacturers' manuals warning against "holding in a specific way" or more usually, to avoid touching the phone in a specific area while making calls.

As with any issue, the legal climate pretty much enforces a "don't admit anything publicly until we have something in place with legal, and a solution". It's not the first product to have had engineering

Yeah! Apple has never done anything so lowly as Microsoft selling defective hardware like XBox and such! Those iPhones were all just being held wrong and it takes FAR longer to make a white iPhone 4 than it does a chrome colored one because we all know that white is EXTREMELY difficult to come by!

Hmm. Well, my day-1 iPhone 4 has no problems being held (neither do any of the others used by folks I know), and if you'd ever worked in manufacturing you'd know that getting a consistent white between different materials, especially when some are encased in glass and others aren't, is damn hard.

My iPhone 4 has problems if I hold it wrong. It also says 'Samsung' and is a flip phone, but according to/. only iPhone 4s have problems with being held incorrectly so my phone must somehow be an iPhone 4.

You're one of the lucky ones, my iPhone4 drops calls notoriously, and God forbid I try to call another iPhone4 user, as the incidence of dropped calls then grows exponentially...

The free case made a difference, but the proximity sensor issue allowing my face to mute the phone, or better yet, pull up the keypad and hit numbers while I'm talking makes this phone, as a phone, a worthless pile of crap.

Now as an awesome pocket computer/ipod it rocks the house, but FFS it's a phone and it should work proper

See, this is the kind of post I was talking about. There are an awful lot of mysterious anonymous posters now who criticize Apple and try to rally the hardcore nerds against them. The goal with your post is to make everyone see them as Microsoft. Just look at the absurdities in your post:

These days, Apple is doing things that even Microsoft never stooped to doing. Microsoft never limited which programming languages developers could write applications in, for instance.

Apple is the one submitting their language changes for standardization

So, where is the ISO standard for any version of Objective-C?

What does that matter if the target is.NET, which is tied to Microsoft platforms?

The spec - CLR, C# etc - is not tied to any platform. A particular implementation of said spec, such as.NET is.

Meanwhile, Objective-C and Cocoa is just as much tied to Apple platforms in practice. Yeah, there's GNUstep etc, but just the same as Mono, it lags significantly behind. Probably more so than Mono, in fact.

Besides that, there are always going to be APIs a system provider uses that you can't. They're the ones providing the platform; of course they're going to have greater privileges and stricter control over third-party use, for the sake of the platform.

Then there are rumors about hidden APIs that Apple won't share with other developers, which is something that Microsoft was also accused of doing.

This is no secret, and certainly nothing new. When Apple is developing a new application, and they need support for some new technology in the operating system, they often build the two pieces side-by-side, and until they feel confident that they've gotten it right, they don't always publicize the APIs. They freely acknowledge that these private APIs exist, and warn developers not to use them, because private APIs are subject to change in incompatible ways without warning or documentation. Once the bugs

These days, Apple is doing things that even Microsoft never stooped to doing. Microsoft never limited which programming languages developers could write applications in, for instance. In fact, with.NET, Microsoft has gone a long way towards vastly increasing the number of languages that can be used to create Windows applications.

MS only supports 3 official.NET languages: their languages (C++, C#, and VB). All other languages are outside MS. For implementations like Mono, there is no official guarantee that MS will harm the implementation. For Apple there were 3 languages that you could use for Carbon: C, Objective C, and Java. Cocoa never supported Java. Going forward, Apple will no longer maintain Java. However, Apple has never stopped anyone from developing Flash or Java or Python for Mac; they are not going to use those la

Can you cite an example of this behavior? I believe hackers that would exploit a hole on a closed platform would also exploit the hole if the platform were open. The key issue is not whether the platform is open or closed but that there are hackers willing to exploit holes for their own gain.

Firefox. There are patches given back by the community to exploits all the time that could be sold on the black market instead.

There is no "own gain". iPhone exploiters are doing so for the good of the many. If they wanted personal gain, they'd never release a public root app. Every time they do so, Apple patches the exploit, and thus they can no longer use it. If it were for personal gain, they'd keep it to themselves, and wouldn't have to constantly be searching for a new exploit. OR, they'd be s

You completely missed my point. The type of altruistic people that find and report holes would do so regardless. The type of people that take advantage of exploits for their own gain would also do so regardless of the openness of the target.

I mentioned this elsewhere--I think the bizarre level of Apple hatred is due to astroturfers with a vested interest in Android. The goal is to make Apple look bad and rally the hardcore geeks against them.

Notice how many anonymous posters there are that criticize Apple in a story. You can already see a few posting to this one. Something fishy is going on.

yep. the only reason he did this with an apple device is that it iphones are getting a lot of press and he needed press. because otherwise it's just an obvious excercise about what could be done(using a fairly well known attach and then doing whatever).

I bet that most people using JailbreakMe or other variants don't realize they could be installing malware. They just want to install non-approved software or in most cases pirated software and heard about jailbreaking.

I've actually had someone reply to me that "there's no mention of anything else than jailbreaking on the webpage of the hack, and I'm not important enough for people to spy on me anyway". Most people don't understand technology and will believe what they are told, good or bad.

Just because Slashdot readers understand technology doesn't mean regular users do. Just two days ago I was discussing with someone in his 70's how "the blue E" wasn't the internet and how Wikipedia wasn't an competitor to Google Chrome.

Hell, the OLF (Office de la langue française) wants people to say "Sites internet" instead of "Sites Web" because web is an english word, even though internet is the network itself and isn't limited to the Web. If even official channels are messing up terms, how is the general public supposed to clearly understand the concepts? It's no wonder we still have people who think the "blue E" is the internet itself.

I would take it a step further. You are inherently installing malware when using jailbreak/rooting tools. The fact that you are intentionally using and benefiting from the malware doesn't mean it isn't malware.

Just like a used car salesman, I guess. He helps by selling you a car that you want, but he also screws you with a POS car that will need more repairs than the cost of the car itself. Unless you're a mechanic, and most people aren't. Just like most people don't understand technology.

I would take it a step further. You are inherently installing malware when using jailbreak/rooting tools. The fact that you are intentionally using and benefiting from the malware doesn't mean it isn't malware.

I believe you are wrong. The mere fact that you are intentionally using ( inherently informed consent), disqualifies jailbreak/rooting as malware.

From wikipedia: "Malware (also: scumware), short for malicious software, is software designed to secretly access a computer system without the owner's informed consent. "

It can be both helpful and malicious at the same time. It's still malware if you intentionally install it for the purpose of the advertised jailbreaking but the software also does malicious things in the background without your knowledge.

An informed consent can be said to have been given based upon a clear appreciation and understanding of the facts, implications, and future consequences of an action. In order to give informed consent, the individual concerned must have adequate reasoning faculties and be in possession of all relevant facts at the time consent is given.

In medicine, if I tell someone about a surgery and he consents, but later something bad happened that he says he did not appreciate beforehand, it is as if no informed consent was given. I doubt most JailbreakMe users understand the implications of the exploit used (heck, I sure as hell don't), and I am sure the site does not go into too many details to make the users understand. So from a legally binding viewpoint, there is no informed cons

I would take it a step further. You are inherently installing malware when using jailbreak/rooting tools. The fact that you are intentionally using and benefiting from the malware doesn't mean it isn't malware.
Yeah, it kinda does, unless you think DeCSS was malware. Unless you think allowing homebrew on the Wii is malware, or full screen from a memory stick on PSP to be malware. See if I use the software for my benefit and I'm not harming anyone else then it isn't malware. It's simply exploiting a fault

While I strongly suspect that Apple had absolutely nothing to do with it(Steve Jobs probably personally kills someone from PR every time "malware" appears in the same sentence as any Apple product, unless it's a sentence about immunity thereto), it does raise the important notion of the security downsides that also exist in walled garden environments.

The security upsides are obvious. Whitelisting is easier than blacklisting. Enumerating goodness vs. badness, users are idiots who will click anything, etc.